354 matches found

GithubExploit
added 2025/12/03 6:39 a.m. | 132 views

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

F5 BIG-IP CVE-2023-46747 - Unauthenticated RCE + Auto Reverse...

CVSS 9.8 | AI score 8.2 | EPSS 0.94436
Exploits: 17

Positive Technologies
added 2025/11/25 12:0 a.m. | 2 views

PT-2025-48032

Name of the Vulnerable Software and Affected Versions: mJobtime version 15.7.2. Description: A blind SQL Injection (SQLi) issue exists in mJobtime version 15.7.2. An unauthenticated attacker can execute arbitrary SQL statements by sending a specially crafted POST request to the /Default.aspx/update...

CVSS 9.8 | AI score 6.3 | EPSS 0.00201
Exploits: 2 | References: 13

Positive Technologies
added 2025/11/25 12:0 a.m. | 2 views

PT-2025-48031

Name of the Vulnerable Software and Affected Versions: mJobtime version 15.7.2. Description: The software handles authorization on the client side, allowing an attacker to modify the client-side code and gain access to administrative features. Attackers can craft requests based on the modified...

CVSS 9.8 | AI score 6.7 | EPSS 0.00201
Exploits: 2 | References: 8

Positive Technologies
added 2025/11/19 12:0 a.m. | 3 views

PT-2025-47527

Name of the Vulnerable Software and Affected Versions: D-Link Router DIR-868L version FW106KRb01. Description: The D-Link Router DIR-868L version FW106KRb01 contains a remote code execution issue in the cgibin binary. The HNAP service within cgibin does not properly filter the HTTP SOAPAction header...

CVSS 7.5 | AI score 8 | EPSS 0.00579
Exploits: 1 | References: 11

CISA KEV Catalog
added 2025/11/12 12:0 a.m. | 8 views

WatchGuard Firebox Out-of-Bounds Write Vulnerability

WatchGuard Firebox contains an out-of-bounds write vulnerability in the OS iked process that may allow a remote unauthenticated attacker to execute arbitrary code...

CVSS 9.8 | AI score 7.9 | EPSS 0.78594
In wild | Exploits: 2

Positive Technologies
added 2025/11/12 12:0 a.m. | 2 views

PT-2025-46663

Name of the Vulnerable Software and Affected Versions: N-central Software Probe versions prior to 2025.4. Description: The N-central Software Probe is susceptible to Remote Code Execution through deserialization. No authentication is required for exploitation. Recommendations: Update to a version of...

CVSS 10 | AI score 7.2 | EPSS 0.02089
Exploits: 0 | References: 6

NVD
added 2025/11/06 8:15 p.m. | 6 views

CVE-2022-50589

SuiteCRM versions prior to 7.12.6 contain a SQL injection vulnerability within the processing of the ‘uid’ parameter within the ‘export’ functionality. Successful exploitation allows remote unauthenticated attackers to ultimately execute arbitrary code...

CVSS 9.8 | EPSS 0.00225
Exploits: 0 | References: 3

Positive Technologies
added 2025/11/05 12:0 a.m. | 5 views

PT-2025-45096

Name of the Vulnerable Software and Affected Versions: BMC Control-M/Agent, affected versions not specified. Description: The Control-M/Agent is susceptible to unauthenticated remote code execution, arbitrary file read and write, and other unauthorized actions when mutual SSL/TLS authentication is no...

CVSS 10 | AI score 7.7 | EPSS 0.00438
Exploits: 0 | References: 8

NCSC
added 2025/10/17 8:19 a.m. | 6 views

Vulnerability fixed in WatchGuard Fireware OS

WatchGuard has fixed a vulnerability in Fireware OS specific to certain VPN configurations. The vulnerability is in the way Fireware OS handles Out-of-bounds Write. This allows a malicious, unauthenticated attacker to execute arbitrary code. This could lead to serious consequences for affected...

CVSS 9.8 | AI score 7.4 | EPSS 0.78594
Exploits: 2 | References: 1

NVD
added 2025/10/16 6:15 p.m. | 1 view

CVE-2025-34512

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary script in the victim's browser. Ilevia has declined to service this vulnerability, and recommends that...

CVSS 6.1 | EPSS 0.00087
Exploits: 3 | References: 3

OSV
added 2025/10/16 6:15 p.m. | 2 views

CVE-2025-34512

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 t...

CVSS 6.1 | AI score 6 | EPSS 0.00087
Exploits: 3 | References: 3

NVD
added 2025/10/16 6:15 p.m. | 3 views

CVE-2025-34513

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbusbuildfromcsv.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to...

CVSS 9.8 | EPSS 0.16127
Exploits: 3 | References: 3

Cvelist
added 2025/10/16 5:55 p.m. | 5 views

CVE-2025-34512 Ilevia EVE X1 Server 4.7.18.0.eden Reflected XSS

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary script in the victim's browser. Ilevia has declined to service this vulnerability, and recommends that...

CVSS 5.1 | EPSS 0.00087
Exploits: 3 | References: 3

Vulnrichment
added 2025/10/16 5:55 p.m. | 1 view

CVE-2025-34512 Ilevia EVE X1 Server 4.7.18.0.eden Reflected XSS

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary script in the victim's browser. Ilevia has declined to service this vulnerability, and recommends that...

CVSS 5.1 | AI score 5.9 | EPSS 0.00087
Exploits: 3 | References: 3

EUVD
added 2025/10/16 5:53 p.m. | 1 view

EUVD-2025-34801

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbusbuildfromcsv.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to...

CVSS 9.3 | AI score 7.7 | EPSS 0.16127
Exploits: 3 | References: 5

RedhatCVE
added 2025/10/10 8:22 p.m. | 3 views

CVE-2025-35050

Newforma Info Exchange (NIX) accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used by Newforma Project Center Server (NPCS), so a...

CVSS 9.8 | AI score 8 | EPSS 0.0039
Exploits: 0 | References: 1

Positive Technologies
added 2025/10/09 12:0 a.m. | 3 views

PT-2025-41466

Name of the Vulnerable Software and Affected Versions: Newforma Info Exchange, affected versions not specified. Description: Newforma Info Exchange accepts serialized .NET data via the /remoteweb/remote.rem API endpoint without proper validation. This allows a remote, unauthenticated attacker to...

CVSS 9.8 | AI score 7.5 | EPSS 0.0039
Exploits: 0 | References: 12

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-7053

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.01284
Exploits: 1 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-15424

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.2 | EPSS 0.00566
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-54902

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.6 | EPSS 0.0086
Exploits: 0 | References: 2